Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
60b72eb0 by Moritz Muehlenhoff at 2021-04-12T17:52:31+02:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -85,18 +85,22 @@ CVE-2021-30473
 CVE-2021-30472
        RESERVED
        - libpodofo <unfixed> (bug #986794)
+       [buster] - libpodofo <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/podofo/tickets/132/
 CVE-2021-30471
        RESERVED
        - libpodofo <unfixed> (bug #986793)
+       [buster] - libpodofo <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/podofo/tickets/131/
 CVE-2021-30470
        RESERVED
        - libpodofo <unfixed> (bug #986792)
+       [buster] - libpodofo <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/podofo/tickets/130/
 CVE-2021-30469
        RESERVED
        - libpodofo <unfixed> (bug #986791)
+       [buster] - libpodofo <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/podofo/tickets/129/
 CVE-2021-30468
        RESERVED
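Review bot: all four libpodofo entries in this hunk are still RESERVED, so the only public description of each issue is the linked sourceforge ticket (tickets 129 to 132); the `<no-dsa> (Minor issue)` marker is applied uniformly and matches the `<unfixed>` status with bugs #986791 through #986794 in unstable, so nothing needs changing here, but the "Minor issue" judgement is worth re-checking against the descriptions once they are published, since the tickets are the sole basis for it right now.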
@@ -120,6 +124,8 @@ CVE-2021-30459
        RESERVED
 CVE-2021-30458 (An issue was discovered in Wikimedia Parsoid before 0.11.1 and 
0.12.x  ...)
        - mediawiki 1:1.35.2-1
+       [buster] - mediawiki <not-affected> (Only applies to 1.35 and later)
+       [stretch] - mediawiki <not-affected> (Only applies to 1.35 and later)
        NOTE: https://phabricator.wikimedia.org/T279451
 CVE-2021-30457 (An issue was discovered in the id-map crate through 2021-02-26 
for Rus ...)
        NOT-FOR-US: Rust crate id-map
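Review bot: the `<not-affected>` rationale "Only applies to 1.35 and later" for buster and stretch is stated in MediaWiki version terms, while the CVE description is stated in Parsoid version terms (before 0.11.1 and 0.12.x); a few words in the note linking the two (why a Parsoid version range translates into "MediaWiki 1.35 and later") would make the marker self-explanatory for the next person reading the entry. The markers themselves are consistent with the 1:1.35.2-1 fix version recorded for unstable.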
@@ -675,6 +681,7 @@ CVE-2021-30185 (CERN Indico before 2.3.4 can use an 
attacker-supplied Host heade
        NOT-FOR-US: CERN Indico
 CVE-2021-30184 (GNU Chess 6.2.7 allows attackers to execute arbitrary code via 
crafted ...)
        - gnuchess <unfixed> (bug #986801)
+       [buster] - gnuchess <no-dsa> (Minor issue)
        NOTE: 
https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html
        NOTE: 
https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html
 CVE-2021-30183
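Review bot: the description of CVE-2021-30184 says GNU Chess allows arbitrary code execution via crafted input, yet the only rationale on the new buster line is "Minor issue"; a short clause explaining why the impact is considered limited would let later triagers understand the no-dsa decision without re-reading the two linked bug-gnu-chess threads, which are currently the only pointers. Something like `[buster] - gnuchess <no-dsa> (Minor issue; <reason>)` with the actual reason filled in.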
@@ -766,6 +773,7 @@ CVE-2020-36310 (An issue was discovered in the Linux kernel 
before 5.8. arch/x86
        NOTE: 
https://git.kernel.org/linus/e72436bc3a5206f95bb384e741154166ddb3202e
 CVE-2020-36309 (ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in 
OpenResty ...)
        - nginx <unfixed> (bug #986787)
+       [buster] - nginx <no-dsa> (Minor issue)
        NOTE: https://github.com/openresty/lua-nginx-module/pull/1654
 CVE-2020-36308 (Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers 
to discov ...)
        - redmine 4.0.7-1
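Review bot: the code named in the description of CVE-2020-36309 is ngx_http_lua_module (lua-nginx-module, fixed upstream in 0.10.16) rather than nginx core, and the entry tracks it under the nginx source package; the `<no-dsa>` line is fine, but recording which lua-nginx-module version the buster nginx package bundles would make it possible to confirm the "before 0.10.16" range actually applies rather than relying on the `<unfixed>` state of unstable.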
@@ -21786,6 +21794,7 @@ CVE-2020-35637
        RESERVED
 CVE-2020-35636 (A code execution vulnerability exists in the Nef 
polygon-parsing funct ...)
        - cgal 5.2-3 (bug #985671)
+       [buster] - cgal <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
 CVE-2020-35635
        RESERVED
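Review bot: this is the first of four cgal hunks in the commit (CVE-2020-35636, CVE-2020-35628, CVE-2020-28636, CVE-2020-28601); all four reference the same bug #985671, the same TALOS-2020-1225 report and the same 5.2-3 fix version in unstable, and all four receive an identical `<no-dsa> (Minor issue)` buster marker, so the treatment is consistent and there is nothing to change in any of them.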
@@ -21803,6 +21812,7 @@ CVE-2020-35629
        RESERVED
 CVE-2020-35628 (A code execution vulnerability exists in the Nef 
polygon-parsing funct ...)
        - cgal 5.2-3 (bug #985671)
+       [buster] - cgal <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
 CVE-2021-21433 (Discord Recon Server is a bot that allows you to do your 
reconnaissanc ...)
        NOT-FOR-US: Discord Recon Server
@@ -21870,6 +21880,7 @@ CVE-2021-21405
        RESERVED
 CVE-2021-21404 (Syncthing is a continuous file synchronization program. In 
Syncthing b ...)
        - syncthing <unfixed> (bug #986593)
+       [buster] - syncthing <no-dsa> (Minor issue)
        NOTE: 
https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h
        NOTE: 
https://github.com/syncthing/syncthing/commit/fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97
 CVE-2021-21403 (In github.com/kongchuanhujiao/server before version 1.3.21 
there is an ...)
@@ -21935,12 +21946,15 @@ CVE-2021-21375 (PJSIP is a free and open source 
multimedia communication library
        NOTE: 
https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365
 CVE-2021-21374 (Nimble is a package manager for the Nim programming language. 
In Nim r ...)
        - nim <unfixed>
+       [buster] - nim <no-dsa> (Minor issue)
        NOTE: 
https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
 CVE-2021-21373 (Nimble is a package manager for the Nim programming language. 
In Nim r ...)
        - nim <unfixed>
+       [buster] - nim <no-dsa> (Minor issue)
        NOTE: 
https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
 CVE-2021-21372 (Nimble is a package manager for the Nim programming language. 
In Nim r ...)
        - nim <unfixed>
+       [buster] - nim <no-dsa> (Minor issue)
        NOTE: 
https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
 CVE-2021-21371 (Tenable for Jira Cloud is an open source project designed to 
pull Tena ...)
        NOT-FOR-US: Tenable for Jira Cloud
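Review bot: the three nim entries (CVE-2021-21372 through CVE-2021-21374) remain `- nim <unfixed>` with no bug reference, unlike every other `<unfixed>` entry touched in this commit (libpodofo, gnuchess, nginx, clamav, syncthing), which all carry a `(bug #...)` pointer; consider filing or referencing the Debian bug so the unstable side of the triage stays trackable, i.e. `- nim <unfixed> (bug #NNNNNN)` with the real bug number in place of the placeholder.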
@@ -31263,9 +31277,11 @@ CVE-2021-1406 (A vulnerability in Cisco Unified 
Communications Manager (Unified
        NOT-FOR-US: Cisco
 CVE-2021-1405 (A vulnerability in the PDF parsing module in Clam AntiVirus 
(ClamAV) S ...)
        - clamav <unfixed> (bug #986790)
+       [buster] - clamav <no-dsa> (clamav is updated via -updates)
        NOTE: 
https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
 CVE-2021-1404 (A vulnerability in the email parsing module in Clam AntiVirus 
(ClamAV) ...)
        - clamav <unfixed> (bug #986790)
+       [buster] - clamav <no-dsa> (clamav is updated via -updates)
        NOTE: 
https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
 CVE-2021-1403 (A vulnerability in the web UI feature of Cisco IOS XE Software 
could a ...)
        NOT-FOR-US: Cisco
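Review bot: the rationale "clamav is updated via -updates" on the two new buster lines deliberately differs from the "Minor issue" wording used elsewhere in this commit and correctly records that the buster fix path is a stable update rather than a DSA; together with the third clamav entry in a later hunk (CVE-2021-1252), all three CVEs point at the same bug #986790 and the same upstream blog post, so the markers are consistent. Nothing to change.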
@@ -31571,6 +31587,7 @@ CVE-2021-1253 (Multiple vulnerabilities in the 
web-based management interface of
        NOT-FOR-US: Cisco
 CVE-2021-1252 (A vulnerability in the Excel XLM macro parsing module in Clam 
AntiViru ...)
        - clamav <unfixed> (bug #986790)
+       [buster] - clamav <no-dsa> (clamav is updated via -updates)
        NOTE: 
https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
 CVE-2021-1251 (Multiple vulnerabilities exist in the Link Layer Discovery 
Protocol (L ...)
        NOT-FOR-US: Cisco
@@ -31837,6 +31854,7 @@ CVE-2020-28637
        RESERVED
 CVE-2020-28636 (A code execution vulnerability exists in the Nef 
polygon-parsing funct ...)
        - cgal 5.2-3 (bug #985671)
+       [buster] - cgal <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
 CVE-2020-28635
        RESERVED
@@ -31908,6 +31926,7 @@ CVE-2020-28602
        RESERVED
 CVE-2020-28601 (A code execution vulnerability exists in the Nef 
polygon-parsing funct ...)
        - cgal 5.2-3 (bug #985671)
+       [buster] - cgal <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
 CVE-2020-28600
        RESERVED
@@ -32385,6 +32404,7 @@ CVE-2020-28470 (This affects the package 
@scullyio/scully before 1.0.9. The tran
 CVE-2020-28469
        RESERVED
        - node-glob-parent <unfixed>
+       [buster] - node-glob-parent <no-dsa> (Minor issue)
        NOTE: https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
        NOTE: 
https://github.com/gulpjs/glob-parent/commit/f9231168b0041fea3f8f954b3cceb56269fc6366
 CVE-2020-28468 (This affects the package pwntools before 4.3.1. The shellcraft 
generat ...)
@@ -71133,6 +71153,7 @@ CVE-2020-12461 (PHP-Fusion 9.03.50 allows SQL Injection 
because maincore.php has
        NOT-FOR-US: PHP-Fusion
 CVE-2020-12460 (OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has 
improper nul ...)
        - opendmarc 1.4.0~beta1+dfsg-3 (bug #966464)
+       [buster] - opendmarc <no-dsa> (Minor issue)
        NOTE: https://github.com/trusteddomainproject/OpenDMARC/issues/64
        NOTE: 
https://github.com/trusteddomainproject/OpenDMARC/commit/50d28af25d8735504b6103537228ce7f76ad765f
 CVE-2020-12459 (In certain Red Hat packages for Grafana 6.x through 6.3.6, the 
configu ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -33,7 +33,7 @@ python-pysaml2 (jmm)
 --
 salt
 --
-tomcat9
+tomcat9 (jmm)
 --
 webkit2gtk
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60b72eb05642ce56964d635acf70d6dc9c618df6


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
